1. Field of the Invention
The present invention relates to encrypting information on a storage cartridge and more particularly to attaching an identifier to a key certificate when encrypting information.
2. Description of the Related Art
Protecting and securing data is an important concern to be addressed when designing information management systems. It is common for data to be continually archived on various storage media, such as tape cartridges or optical disks. When archiving data on tape or other removable storage medium, one security concern is that the tape could be stolen to access the data it contains. Also, if the tape can be mounted into a tape drive through remote commands transmitted over a network, then there is a concern that someone may compromise the system, mount the tape or other storage medium in a drive, and then access the data.
Known approaches to addressing these issues have included encrypting all or most of the data on the storage media. However, these approaches also have drawbacks that include security weaknesses, implementation challenges, and unwieldy complexity. For example, conventional solutions that store the data encryption key in unencrypted form on the same tape as the data it encrypts allow anyone with physical access to the tape to retrieve the data key from the tape and use it to decrypt the data. Furthermore, use of a single key to encrypt all of the data on one or more tape cartridges allows whoever has use of the key to decrypt all of the data comprising the tape cartridge, including data that doesn't belong to the user. Alternatively, multiple data keys can be stored on the tape drive, but key management becomes complicated when using multiple tape drives, as each tape drive has to be able to store all keys that are in use by all tape cartridges in the tape storage library. In addition, using multiple keys for one or more cartridges can lead to a proliferation of keys as the number of authorized users, tape drives, and tape cartridges grows. Known encryption systems also maintain the encryption and decryption keys in a central location, and the management and transfer of large numbers of such encryption keys can create additional issues.
One approach to addressing these issues is to encrypt the data keys and store them on the tape cartridge itself. For example, when a tape drive requests an encryption key, a random symmetric data key (DK) is generated by an external key manager (EKM). Public/private cryptographic operations are then performed by the EKM to wrap the DK using a key encryption key (KEK), which is typically the public key of an asymmetric key pair. The wrapped data key, along with key label information about what private key is required to unwrap the symmetric key, forms an envelope generally known as an encryption encapsulated data key (EEDK). The EEDK is then typically stored in one or more places on the tape cartridge along with the data it encrypts. To facilitate key management, it is common to implement an encryption policy that assigns a key label, or alias, to a tape cartridge volume serial number (VOLSER) range encrypted by the EEDK. When an encrypted tape is to be read, the tape drive sends the EEDK to the EKM that contains its decryption key. The EKM determines from the EEDK's key label which private key from its keystore to use to unwrap the EEDK and recover the DK. Once the DK is recovered, it is then wrapped with a different key and sent to the tape drive, which decrypts the DK. The tape drive then decrypts the encrypted data on the tape cartridge using the decrypted DK. Similarly, a valid key label for the tape cartridge's VOLSER is retrieved if the tape is to be appended with encrypted data. Once retrieved, the same process is followed to decrypt the EEDK to retrieve the correct DK to encrypt the appended data. However, if multiple EKMs are implemented, each EKM has to be accessed to determine whether it produced the EEDK referenced by its key label.
One issue relating to encrypting the data keys is that different certificates can have the same alias (whether they are in same EKM caused by versioning or different EKM), thus potentially confusing management of keys. Having the same certificates with different alias can also confuse management of certificates. This can create confusion if keystores, certificates and items like cartridges that contain aliases are not organized.